Keylogger

Discussion in 'Computer Support' started by el duderino, May 11, 2004.

  1. el duderino

    el duderino Guest

    If a keylogger has been installed onto my 'puter will spybot or suchlike
    find it. If not, could someone please tell me how to check or is there a
    program out there that will find it?
    Thanks in advance
    el duderino, May 11, 2004
    #1
    1. Advertising

  2. el duderino

    Win Guest

    Do you know how to use msconfig???


    "el duderino" <> wrote in message
    news:eek:00oc.2006$...
    > If a keylogger has been installed onto my 'puter will spybot or suchlike
    > find it. If not, could someone please tell me how to check or is there a
    > program out there that will find it?
    > Thanks in advance
    >
    >
    Win, May 11, 2004
    #2
    1. Advertising

  3. el duderino

    el duderino Guest

    yes
    "Win" <> wrote in message
    news:40a09b8b$...
    > Do you know how to use msconfig???
    >
    >
    > "el duderino" <> wrote in message
    > news:eek:00oc.2006$...
    > > If a keylogger has been installed onto my 'puter will spybot or suchlike
    > > find it. If not, could someone please tell me how to check or is there

    a
    > > program out there that will find it?
    > > Thanks in advance
    > >
    > >

    >
    >
    el duderino, May 11, 2004
    #3
  4. el duderino

    el duderino Guest

    I do, I'm just not certain of what every single entry is. So I guess I
    don't :).
    Anyway, now is there any chance of some assistance or were you just checking
    my knowledge.
    The reason I ask is that I have a copy of Iopus Starr (now called 'actmon')
    which states on the site (quote)

    "Only ActMon has a unique "kernel-level" file protection: Files are not just
    hidden. They are completely inaccessible and truly invisible to unauthorized
    users. Files cannot be removed or manipulated by an unauthorized user or so
    called spyware "cleaner" applications or any other Windows software."

    So, does this mean I can see it on msconfig, if so what is the file called
    and if I can't see it is their a way to do so?
    See, I'm not just being obtuse, I would like someone who knows to help, if
    at all possible. Thanks again for any further help.

    "Birgit" <> wrote in message
    news:c7qpcg$lba$...
    >
    > "el duderino" <> wrote in message
    > news:el4oc.2630$...
    > > yes
    > > "Win" <> wrote in message
    > > news:40a09b8b$...
    > > > Do you know how to use msconfig???
    > > >
    > > >
    > > > "el duderino" <> wrote in message
    > > > news:eek:00oc.2006$...
    > > > > If a keylogger has been installed onto my 'puter will spybot or

    > suchlike
    > > > > find it. If not, could someone please tell me how to check or is

    > there
    > > a
    > > > > program out there that will find it?
    > > > > Thanks in advance
    > > > >
    > > > >
    > > >
    > > >

    > >

    >
    >
    > I doubt you do, hence your question.
    >
    >
    el duderino, May 11, 2004
    #4
  5. el duderino

    °Mike° Guest

    If you knowingly have a copy of Actmon on your
    system, then you will know the password to uninstall
    it, won't you?


    On Tue, 11 May 2004 16:02:37 +0100, in
    <jW5oc.3207$>
    el duderino scrawled:

    >I do, I'm just not certain of what every single entry is. So I guess I
    >don't :).
    >Anyway, now is there any chance of some assistance or were you just checking
    >my knowledge.
    >The reason I ask is that I have a copy of Iopus Starr (now called 'actmon')
    >which states on the site (quote)
    >
    >"Only ActMon has a unique "kernel-level" file protection: Files are not just
    >hidden. They are completely inaccessible and truly invisible to unauthorized
    >users. Files cannot be removed or manipulated by an unauthorized user or so
    >called spyware "cleaner" applications or any other Windows software."
    >
    >So, does this mean I can see it on msconfig, if so what is the file called
    >and if I can't see it is their a way to do so?
    >See, I'm not just being obtuse, I would like someone who knows to help, if
    >at all possible. Thanks again for any further help.


    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, May 11, 2004
    #5
  6. el duderino

    el duderino Guest

    Please read the post. I said I had a copy of it, not that I was running it.
    I do not fully understand it so I haven't run it. There are also lots of
    others around which may well work differently. As it says "Files cannot be
    removed or manipulated by an unauthorized user or so
    called spyware "cleaner" applications or any other Windows software.".
    Therefore I wondered if anyone knew how to find out if one had it on one's
    'puter?
    And anyway, I cannot / do not want to d/l a copy of Iopus's new 'actmon', so
    it may use a new file system.

    "°Mike°" <> wrote in message
    news:...
    > If you knowingly have a copy of Actmon on your
    > system, then you will know the password to uninstall
    > it, won't you?
    >
    >
    > On Tue, 11 May 2004 16:02:37 +0100, in
    > <jW5oc.3207$>
    > el duderino scrawled:
    >
    > >I do, I'm just not certain of what every single entry is. So I guess I
    > >don't :).
    > >Anyway, now is there any chance of some assistance or were you just

    checking
    > >my knowledge.
    > >The reason I ask is that I have a copy of Iopus Starr (now called

    'actmon')
    > >which states on the site (quote)
    > >
    > >"Only ActMon has a unique "kernel-level" file protection: Files are not

    just
    > >hidden. They are completely inaccessible and truly invisible to

    unauthorized
    > >users. Files cannot be removed or manipulated by an unauthorized user or

    so
    > >called spyware "cleaner" applications or any other Windows software."
    > >
    > >So, does this mean I can see it on msconfig, if so what is the file

    called
    > >and if I can't see it is their a way to do so?
    > >See, I'm not just being obtuse, I would like someone who knows to help,

    if
    > >at all possible. Thanks again for any further help.

    >
    > <snip>
    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
    el duderino, May 12, 2004
    #6
  7. el duderino

    Birgit Guest

    "el duderino" <> wrote in message
    news:el4oc.2630$...
    > yes
    > "Win" <> wrote in message
    > news:40a09b8b$...
    > > Do you know how to use msconfig???
    > >
    > >
    > > "el duderino" <> wrote in message
    > > news:eek:00oc.2006$...
    > > > If a keylogger has been installed onto my 'puter will spybot or

    suchlike
    > > > find it. If not, could someone please tell me how to check or is

    there
    > a
    > > > program out there that will find it?
    > > > Thanks in advance
    > > >
    > > >

    > >
    > >

    >



    I doubt you do, hence your question.
    Birgit, May 12, 2004
    #7
  8. el duderino

    °Mike° Guest

    I *did* read the post; you said:
    "If a keylogger has been installed onto my 'puter"

    If a file can be placed on your computer and run,
    it can be deactivated and uninstalled -- the hype
    *would* say otherwise, wouldn't it? It's obviously not
    as simple as the usual uninstall, but it can be done.


    On Wed, 12 May 2004 00:46:13 +0100, in
    <eBdoc.21222$%>
    el duderino scrawled:

    >Please read the post. I said I had a copy of it, not that I was running it.
    >I do not fully understand it so I haven't run it. There are also lots of
    >others around which may well work differently. As it says "Files cannot be
    >removed or manipulated by an unauthorized user or so
    >called spyware "cleaner" applications or any other Windows software.".
    >Therefore I wondered if anyone knew how to find out if one had it on one's
    >'puter?
    >And anyway, I cannot / do not want to d/l a copy of Iopus's new 'actmon', so
    >it may use a new file system.
    >
    >"°Mike°" <> wrote in message
    >news:...
    >> If you knowingly have a copy of Actmon on your
    >> system, then you will know the password to uninstall
    >> it, won't you?
    >>
    >>
    >> On Tue, 11 May 2004 16:02:37 +0100, in
    >> <jW5oc.3207$>
    >> el duderino scrawled:
    >>
    >> >I do, I'm just not certain of what every single entry is. So I guess I
    >> >don't :).
    >> >Anyway, now is there any chance of some assistance or were you just

    >checking
    >> >my knowledge.
    >> >The reason I ask is that I have a copy of Iopus Starr (now called

    >'actmon')
    >> >which states on the site (quote)
    >> >
    >> >"Only ActMon has a unique "kernel-level" file protection: Files are not

    >just
    >> >hidden. They are completely inaccessible and truly invisible to

    >unauthorized
    >> >users. Files cannot be removed or manipulated by an unauthorized user or

    >so
    >> >called spyware "cleaner" applications or any other Windows software."
    >> >
    >> >So, does this mean I can see it on msconfig, if so what is the file

    >called
    >> >and if I can't see it is their a way to do so?
    >> >See, I'm not just being obtuse, I would like someone who knows to help,

    >if
    >> >at all possible. Thanks again for any further help.

    >>
    >> <snip>
    >>
    >> --
    >> Basic computer maintenance
    >> http://uk.geocities.com/personel44/maintenance.html

    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, May 12, 2004
    #8
  9. el duderino

    el duderino Guest

    I'm sorry, I obviously didn't make myself clear. I know it CAN be removed,
    what I would like to know is if anyone knows how to IDENTIFY it so that it
    can be removed.
    Thanks
    "°Mike°" <> wrote in message
    news:...
    > I *did* read the post; you said:
    > "If a keylogger has been installed onto my 'puter"
    >
    > If a file can be placed on your computer and run,
    > it can be deactivated and uninstalled -- the hype
    > *would* say otherwise, wouldn't it? It's obviously not
    > as simple as the usual uninstall, but it can be done.
    >
    >
    > On Wed, 12 May 2004 00:46:13 +0100, in
    > <eBdoc.21222$%>
    > el duderino scrawled:
    >
    > >Please read the post. I said I had a copy of it, not that I was running

    it.
    > >I do not fully understand it so I haven't run it. There are also lots of
    > >others around which may well work differently. As it says "Files cannot

    be
    > >removed or manipulated by an unauthorized user or so
    > >called spyware "cleaner" applications or any other Windows software.".
    > >Therefore I wondered if anyone knew how to find out if one had it on

    one's
    > >'puter?
    > >And anyway, I cannot / do not want to d/l a copy of Iopus's new 'actmon',

    so
    > >it may use a new file system.
    > >
    > >"°Mike°" <> wrote in message
    > >news:...
    > >> If you knowingly have a copy of Actmon on your
    > >> system, then you will know the password to uninstall
    > >> it, won't you?
    > >>
    > >>
    > >> On Tue, 11 May 2004 16:02:37 +0100, in
    > >> <jW5oc.3207$>
    > >> el duderino scrawled:
    > >>
    > >> >I do, I'm just not certain of what every single entry is. So I guess

    I
    > >> >don't :).
    > >> >Anyway, now is there any chance of some assistance or were you just

    > >checking
    > >> >my knowledge.
    > >> >The reason I ask is that I have a copy of Iopus Starr (now called

    > >'actmon')
    > >> >which states on the site (quote)
    > >> >
    > >> >"Only ActMon has a unique "kernel-level" file protection: Files are

    not
    > >just
    > >> >hidden. They are completely inaccessible and truly invisible to

    > >unauthorized
    > >> >users. Files cannot be removed or manipulated by an unauthorized user

    or
    > >so
    > >> >called spyware "cleaner" applications or any other Windows software."
    > >> >
    > >> >So, does this mean I can see it on msconfig, if so what is the file

    > >called
    > >> >and if I can't see it is their a way to do so?
    > >> >See, I'm not just being obtuse, I would like someone who knows to

    help,
    > >if
    > >> >at all possible. Thanks again for any further help.
    > >>
    > >> <snip>
    > >>
    > >> --
    > >> Basic computer maintenance
    > >> http://uk.geocities.com/personel44/maintenance.html

    > >

    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
    el duderino, May 12, 2004
    #9
  10. el duderino

    Plato Guest

    el duderino wrote:
    >
    > I'm sorry, I obviously didn't make myself clear. I know it CAN be removed,
    > what I would like to know is if anyone knows how to IDENTIFY it so that it
    > can be removed.


    First off. I wouldn't trust an anti-spyware app. to find a dedicated
    professional keylogger.

    Secondly, a software keylogger has to be running of course to work. The
    good ones wont show up in the usual places eg Alt-Ctrl-Del or msconfig.
    And they wont show up either in the popular utils like StartUpCP or
    StartUpCop.

    Thirdly, one can configure a professional keylogger to only run when a
    specific application is run, like AOL for example. It may even be
    disguised as an AOL or Windows .dll file.

    However, they should show up in http://www.iarsn.com/tskinf40.exe tho it
    may take some time to ID it. Note that there are many professional
    keyloggers out there and there is no standard method to locate them on
    your PC.

    Also note that there are hardware keyloggers that can be implanted in
    your keyboard. Best bet? Assume that anything you do on your PC may
    appear on the front page of
    tomorrows newspaper or your boss's desk.



    --
    http://www.bootdisk.com/
    Plato, May 12, 2004
    #10
  11. el duderino

    el duderino Guest

    Oh thank you Plato, you were always my favourite philosopher (well, except
    Sartre, Nietzsche....etc) :)
    Seriously, that is the sort of answer I have been looking for from the
    beginning, cheers again
    "Plato" <|@|.|> wrote in message
    news:40a2646c$0$64551$...
    > el duderino wrote:
    > >
    > > I'm sorry, I obviously didn't make myself clear. I know it CAN be

    removed,
    > > what I would like to know is if anyone knows how to IDENTIFY it so that

    it
    > > can be removed.

    >
    > First off. I wouldn't trust an anti-spyware app. to find a dedicated
    > professional keylogger.
    >
    > Secondly, a software keylogger has to be running of course to work. The
    > good ones wont show up in the usual places eg Alt-Ctrl-Del or msconfig.
    > And they wont show up either in the popular utils like StartUpCP or
    > StartUpCop.
    >
    > Thirdly, one can configure a professional keylogger to only run when a
    > specific application is run, like AOL for example. It may even be
    > disguised as an AOL or Windows .dll file.
    >
    > However, they should show up in http://www.iarsn.com/tskinf40.exe tho it
    > may take some time to ID it. Note that there are many professional
    > keyloggers out there and there is no standard method to locate them on
    > your PC.
    >
    > Also note that there are hardware keyloggers that can be implanted in
    > your keyboard. Best bet? Assume that anything you do on your PC may
    > appear on the front page of
    > tomorrows newspaper or your boss's desk.
    >
    >
    >
    > --
    > http://www.bootdisk.com/
    el duderino, May 12, 2004
    #11
  12. el duderino

    °Mike° Guest

    The keylogger in question uses 'virtual devices' (.vxd)
    which do not load from the normally expected locations,
    and cannot be seen in the task manager; if it were
    easily identifiable, there would not be much point to
    keyloggers, would there?


    On Wed, 12 May 2004 08:11:13 +0100, in
    <n6koc.1497$>
    el duderino scrawled:

    >I'm sorry, I obviously didn't make myself clear. I know it CAN be removed,
    >what I would like to know is if anyone knows how to IDENTIFY it so that it
    >can be removed.
    >Thanks
    >"°Mike°" <> wrote in message
    >news:...
    >> I *did* read the post; you said:
    >> "If a keylogger has been installed onto my 'puter"
    >>
    >> If a file can be placed on your computer and run,
    >> it can be deactivated and uninstalled -- the hype
    >> *would* say otherwise, wouldn't it? It's obviously not
    >> as simple as the usual uninstall, but it can be done.
    >>

    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, May 12, 2004
    #12
  13. el duderino

    el duderino Guest

    Which is why I was asking???? Maybe???
    Thanks for the .vxd tip though.
    Seriously, I may have phrased my original Q. badly but this (& Plato's
    reply) were the assistance that I was looking for.
    Cheers again
    "°Mike°" <> wrote in message
    news:40ae8448.5522343@localhost...
    > The keylogger in question uses 'virtual devices' (.vxd)
    > which do not load from the normally expected locations,
    > and cannot be seen in the task manager; if it were
    > easily identifiable, there would not be much point to
    > keyloggers, would there?
    >
    >
    > On Wed, 12 May 2004 08:11:13 +0100, in
    > <n6koc.1497$>
    > el duderino scrawled:
    >
    > >I'm sorry, I obviously didn't make myself clear. I know it CAN be

    removed,
    > >what I would like to know is if anyone knows how to IDENTIFY it so that

    it
    > >can be removed.
    > >Thanks
    > >"°Mike°" <> wrote in message
    > >news:...
    > >> I *did* read the post; you said:
    > >> "If a keylogger has been installed onto my 'puter"
    > >>
    > >> If a file can be placed on your computer and run,
    > >> it can be deactivated and uninstalled -- the hype
    > >> *would* say otherwise, wouldn't it? It's obviously not
    > >> as simple as the usual uninstall, but it can be done.
    > >>

    > >

    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
    el duderino, May 12, 2004
    #13
  14. el duderino

    Plato Guest

    °Mike° wrote:
    >
    > The keylogger in question uses 'virtual devices' (.vxd)
    > which do not load from the normally expected locations,
    > and cannot be seen in the task manager; if it were
    > easily identifiable, there would not be much point to
    > keyloggers, would there?


    The free ones are easy to ID and remove tho :)



    --
    http://www.bootdisk.com/
    Plato, May 13, 2004
    #14
  15. el duderino

    el duderino Guest

    Funnily enough I looked at the Guardian Online today and in the 'Ask Jack'
    section found this:
    Just checking
    How would I find out whether I have a keystroke logger on my PC?
    Mani B

    JS: There is no foolproof approach, but the popular anti-virus and
    anti-Trojan programs will find the common keyloggers that are sometimes
    dropped by viruses. If you are more suspicious, there's Pest Patrol, which
    is good, and Anti-Keylogger, which I have not tried. However, a keylogger
    will probably record keystrokes in some kind of file, and it may be possible
    to detect this.

    For example, disconnect your PC from the internet, clear out all temporary
    files, reboot and leave it running overnight. In the morning, create and
    save a few large text files in Notepad (or simple text editor), then search
    the whole drive for files created or modified in the past hour. Make sure
    the search includes system and/or hidden files, and double check the folders
    that hold temporary files. If there are any files you do not recognise, see
    what they contain and what created them






    "Plato" <|@|.|> wrote in message
    news:40a3b440$0$325$...
    > °Mike° wrote:
    > >
    > > The keylogger in question uses 'virtual devices' (.vxd)
    > > which do not load from the normally expected locations,
    > > and cannot be seen in the task manager; if it were
    > > easily identifiable, there would not be much point to
    > > keyloggers, would there?

    >
    > The free ones are easy to ID and remove tho :)
    >
    >
    >
    > --
    > http://www.bootdisk.com/
    el duderino, May 14, 2004
    #15
  16. el duderino

    Plato Guest

    Some of the professional keyloggers I've used you can set them them to
    email the log to an email address at whatever interval you want and then
    delete the log file. If the PC has a dialup it will wait until it sees a
    connection so you dont notice the mail or get an "error notice". I can
    install one of these on your PC while you're out to lunch and the boss
    can start getting results mailed to him/her before you know what's
    happened.
    Plato, May 14, 2004
    #16
  17. el duderino

    Lisa Taylor Guest

    "el duderino" <> wrote in message
    news:LGToc.4377$...
    > Funnily enough I looked at the Guardian Online today and in the 'Ask Jack'
    > section found this:
    > Just checking
    > How would I find out whether I have a keystroke logger on my PC?
    > Mani B
    >
    > JS: There is no foolproof approach, but the popular anti-virus and
    > anti-Trojan programs will find the common keyloggers that are sometimes
    > dropped by viruses. If you are more suspicious, there's Pest Patrol, which
    > is good, and Anti-Keylogger, which I have not tried. However, a keylogger
    > will probably record keystrokes in some kind of file, and it may be

    possible
    > to detect this.
    >
    > For example, disconnect your PC from the internet, clear out all temporary
    > files, reboot and leave it running overnight. In the morning, create and
    > save a few large text files in Notepad (or simple text editor), then

    search
    > the whole drive for files created or modified in the past hour. Make sure
    > the search includes system and/or hidden files, and double check the

    folders
    > that hold temporary files. If there are any files you do not recognise,

    see
    > what they contain and what created them

    ------------------------
    Thank you for this information El Duderino, it is really useful to me.
    Lisa
    Lisa Taylor, May 14, 2004
    #17
  18. el duderino

    el duderino Guest

    You are welcome, I didn't think I had one on my 'puter but being as I have a
    copy of the old 'Iopus Starr' I was messing around with (and which will do
    exactly what Plato said) I thought it would be useful to know how to remove
    them if needed:)
    "Lisa Taylor" <> wrote in message
    news:40a45c2d$0$22832$...
    > "el duderino" <> wrote in message
    > news:LGToc.4377$...
    > > Funnily enough I looked at the Guardian Online today and in the 'Ask

    Jack'
    > > section found this:
    > > Just checking
    > > How would I find out whether I have a keystroke logger on my PC?
    > > Mani B
    > >
    > > JS: There is no foolproof approach, but the popular anti-virus and
    > > anti-Trojan programs will find the common keyloggers that are sometimes
    > > dropped by viruses. If you are more suspicious, there's Pest Patrol,

    which
    > > is good, and Anti-Keylogger, which I have not tried. However, a

    keylogger
    > > will probably record keystrokes in some kind of file, and it may be

    > possible
    > > to detect this.
    > >
    > > For example, disconnect your PC from the internet, clear out all

    temporary
    > > files, reboot and leave it running overnight. In the morning, create and
    > > save a few large text files in Notepad (or simple text editor), then

    > search
    > > the whole drive for files created or modified in the past hour. Make

    sure
    > > the search includes system and/or hidden files, and double check the

    > folders
    > > that hold temporary files. If there are any files you do not recognise,

    > see
    > > what they contain and what created them

    > ------------------------
    > Thank you for this information El Duderino, it is really useful to me.
    > Lisa
    >
    >
    el duderino, May 14, 2004
    #18
  19. el duderino

    William Guest

    "Win" <> wrote in message news:<40a09b8b$>...
    > Do you know how to use msconfig???


    Not all keyloggers can be found using msconfig. Powerful (but in 99%
    this is shareware products) keyloggers can hide their entry in
    registry, in processes etc (fully invesible programs). So, even
    msconfig will not help you. Like example I can suggest you to try PC
    Acme 7.2:
    1. I can find it`s entry in registry;
    2. No process;
    2. I can`t find program that detects it yet;
    and so on.
    However, there are many keyloggers that hide themselves from the
    registry....


    > "el duderino" <> wrote in message
    > news:eek:00oc.2006$...
    > > If a keylogger has been installed onto my 'puter will spybot or suchlike
    > > find it. If not, could someone please tell me how to check or is there a
    > > program out there that will find it?
    > > Thanks in advance


    Have a nice day!

    William H|_|nter
    William, May 17, 2004
    #19
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. mannia

    keylogger question

    mannia, Aug 1, 2003, in forum: Computer Support
    Replies:
    4
    Views:
    1,384
    Paul - xxx
    Aug 1, 2003
  2. Tin-Char D'un

    Re: keylogger question

    Tin-Char D'un, Aug 2, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    503
    Melissa J Crabbe
    Aug 2, 2003
  3. deleted item

    Keylogger Trojan

    deleted item, May 18, 2004, in forum: Computer Support
    Replies:
    7
    Views:
    1,948
    reid decker
    May 21, 2004
  4. Daniel

    Keylogger - checking for one.

    Daniel, May 28, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    3,646
    Rosco
    May 28, 2004
  5. Nobody Here

    Looking for keylogger search program

    Nobody Here, Oct 17, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    8,178
    Nobody Here
    Oct 17, 2004
Loading...

Share This Page